What is claimed is: 



CLAIMS 



1 1. A method for tracking the routing of an electronic document, 

2 comprising: 

3 embedding a unique identifier within an electronic document; 

4 and 

5 monitoring e-mail messages transmitted from senders to 

6 recipients, for detection of e-mail messages having the electronic document 

7 embedded therewithin or attached thereto, based on the unique identifier. 

1 2. The method of claim 1 wherein the electronic document is a 

2 Microsoft Word document. 

1 3. The method of claim 1 wherein the electronic document is a 

2 Microsoft Excel spreadsheet. 

1 4. The method of claim 1 wherein the electronic documents is a 

2 Microsoft PowerPoint presentation. 

1 5. The method of claim 1 wherein the electronic document is an 

2 Adobe PDF document. 

1 6. The method of claim 1 wherein the electronic document is an 

2 HTML document. 

1 7. The method of claim 1 wherein the electronic document is an 

2 XML document. 

1 8. The method of claim 1 further comprising logging a recipient of 

2 an e-mail message having the electronic document embedded therewithin or 

3 attached thereto, in an audit record, when said monitoring detects the e-mail 

4 message. 

1 9. The method of claim 8 further comprising logging a sender of an 

2 e-mail message having the electronic document embedded therewithin or attached 

3 thereto, in an audit record, when said monitoring detects the e-mail message. 
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1 10. The method of claim 9 further comprising logging a date and 

2 time of transmission of an e-mail message having the electronic document 

3 embedded therewithin or attached thereto, in an audit record, when said 

4 monitoring detects the e-mail message. 

1 11. The method of claim 10 further comprising generating a tracking 

2 report from audit records, corresponding to at least one specified document. 

1 12. The method of claim 10 further comprising generating a tracking 

2 report from audit records, corresponding to at least one specified user. 

1 13. The method of claim 10 further comprising generating a tracking 

2 report from the audit records, corresponding to a specified time period. 

1 14. The method of claim 1 further comprising logging the most 

2 recent file name of a file storing the electronic document, in an audit record, when 

3 said monitoring detects an e-mail message having the electronic document 

4 embedded therewithin or attached thereto. 

1 15. The method of claim 1 wherein said monitoring comprises 

2 authenticating the unique identifier. 

1 16. The method of claim 15 further comprising issuing a notification 

2 if said authenticating fails to authenticate the unique identifier. 

1 17. The method of claim 1 further comprising: 

2 examining an access control policy to determine whether or not 

3 permission is granted to transmit the electronic document to a recipient of an e- 

4 mail message having the electronic document embedded therewithin or attached 

5 thereto; and 

6 causing transmission of the e-mail message to the recipient to be 

7 blocked, if said examining determines that permission is not granted. 

1 18. The method of claim 17 further comprising issuing a notification 

2 about said causing to be blocked. 
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1 19. A system for tracking the routing of an electronic document, 

2 comprising: 

3 an auto-marker for embedding a unique identifier within an 

4 electronic document; and 

5 a traffic monitor for monitoring e-mail messages transmitted 

6 from senders to recipients, and for detecting e-mail messages having the 

7 electronic document embedded therewithin or attached thereto, based on the 

8 unique identifier. 

1 20. The system of claim 19 wherein the electronic document is a 

2 Microsoft Word document. 

1 21. The system of claim 19 wherein the electronic document is a 

2 Microsoft Excel spreadsheet. 

1 22. The system of claim 19 wherein the electronic document is a 

2 Microsoft PowerPoint presentation. 

1 23. The system of claim 19 wherein the electronic document is an 

2 Adobe PDF document. 

1 24. The system of claim 19 wherein the electronic document is an 

2 HTML document. 

1 25. The system of claim 19 wherein the electronic document is an 

2 XML document. 

1 26. The system of claim 19 further comprising an auditor for logging 

2 a recipient of an e-mail message having the electronic document embedded 

3 therewithin or attached thereto, in an audit record, when said traffic monitor 

4 detects the e-mail message. 

1 27. The system of claim 26 further comprising an auditor for logging 

2 a sender of an e-mail message having the electronic document embedded 

3 therewithin or attached thereto, in an audit record, when said traffic monitor 

4 detects the e-mail message. 
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1 28. The system of claim 27 further comprising an auditor for logging 

2 a date and time of transmission of an e-mail message having the electronic 

3 document embedded therewithal or attached thereto, in an audit record, when said 

4 traffic monitor detects the e-mail message 

1 29. The system of claim 28 further comprising a reporter for 

2 generating a tracking report from audit records, corresponding to at least one 

3 specified document. 

1 30. The system of claim 28 further comprising a reporter for 

2 generating a tracking report from audit records, corresponding to at least one 

3 specified user. 

1 31. The system of claim 28 further comprising a reporter for 

2 generating a tracking report from audit records, corresponding to a specified time 

3 period. 

1 32. The system of claim 19 further comprising an auditor for logging 

2 the most recent file name of a file storing the electronic document, in an audit 

3 record, when said traffic monitor detects an e-mail message having the electronic 

4 document embedded there within or attached thereto. 

1 33. The system of claim 19 further comprising a scanner for 

2 authenticating the unique identifier. 

1 34. The system of claim 33 further comprising a notifier for issuing a 

2 notification if said authenticating fails to authenticate the unique identifier. 

1 35. The system of claim 19 further comprising: 

2 a policy manager for examining an access control policy to 

3 determine whether or not permission is granted to transmit the electronic 

4 document to a recipient of an e-mail message having the electronic document 

5 embedded there within or attached thereto; and 

6 a policy enforcer for causing transmission of the e-mail message 

7 to the recipient to be blocked, if said policy manager determines that permission is 

8 not granted. 
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1 36. The system of claim 35 further comprising a notifier for issuing a 

2 notification about said policy enforcer causing transmission of the e-mail message 

3 to be blocked. 

1 37. A computer-readable storage medium storing program code for 

2 causing a computer to perform the steps of: 

3 embedding a unique identifier within an electronic document; 

4 and 

5 monitoring e-mail messages transmitted from senders to 

6 recipients, for detection of the electronic document embedded therewithin or 

7 attached thereto, based on the unique identifier. 

1 38. A method for tracking the routing of an electronic document, 

2 comprising: 

3 embedding a unique identifier within an electronic document; 

4 and 

5 monitoring transmitted network packets, for detection of network 

6 packets containing the electronic document, based on the unique identifier. 
1 

2 39. The method of claim 38 further comprising logging an audit 

3 record of the transmission, when a network packet containing the electronic 

4 document is detected by said monitoring. 

1 40. The method of claim 39 wherein said logging includes logging a 

2 date and time of the transmission in the audit record. 

1 41. The method of claim 39 wherein said logging includes logging a 

2 destination of the transmission in the audit record. 

1 42. The method of claim 38 wherein said monitoring monitors 

2 networks packets transmitted internally within an organization network. 

1 43. The method of claim 38 wherein said monitoring monitors 

2 networks packets transmitted from within an organization network to outside of 

3 the organization network. 
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1 44. The method of claim 38 wherein said monitoring monitors 

2 networks packets transmitted to an organization network from outside of the 

3 organization network. 

1 45. The method of claim 38 wherein the network packets are 

2 transmitted in response to an FTP download. 

1 46. The method of claim 38 wherein the network packets are 

2 transmitted in response to an HTTP download. 

1 47. The method of claim 38 wherein the network packets are 

2 transmitted in response to an Instant Messenger download. 

1 48. A system for tracking the routing of an electronic document, 

2 comprising: 

3 an auto-marker for embedding a unique identifier within an 

4 electronic document; and 

5 a traffic monitor for monitoring transmitted network packets, and 

6 for detection of network packets containing the electronic document, based on the 

7 unique identifier. 

1 49. The system of claim 48 further comprising an auditor for logging 

2 an audit record of the transmission when a network packet containing the 

3 electronic document is detected by said traffic monitor. 

1 50. The system of claim 49 wherein said auditor logs a date and time 

2 of the transmission in the audit record. 

1 51. The system of claim 49 wherein said auditor logs a destination of 

2 the transmission in the audit record. 

1 52. The system of claim 48 wherein said traffic monitor monitors 

2 networks packets transmitted internally within an organization network. 
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1 53. The system of claim 48 wherein said traffic monitor monitors 

2 networks packets transmitted from within an organization network to outside of 

3 the organization network. 

1 54. The system of claim 48 wherein said traffic monitor monitors 

2 networks packets transmitted to an organization network from outside of the 

3 organization network. 

1 55. The system of claim 48 wherein the network packets are 

2 transmitted in response to an FTP download. 

1 56. The system of claim 48 wherein the network packets are 

2 transmitted in response to an HTTP download. 

1 57. The system of claim 48 wherein the network packets are 

2 transmitted in response to an Instant Messenger download. 

1 58. A computer-readable storage medium storing program code for 

2 causing a computer to perform the steps of: 

3 embedding a unique identifier within an electronic document; 

4 and 

5 monitoring transmitted network packets, for detection of network 

6 packets containing the electronic document, based on the unique identifier. 

1 59. A method for controlling distribution of an electronic document 

2 within computer networks, comprising: 

3 intercepting e-mail messages being transmitted from senders to 

4 recipients; 

5 scanning the intercepted e-mail messages for detection of a 

6 specified electronic document embedded therein or attached thereto; 

7 examining a policy to determine whether or not transmission of 

8 the document to a recipient is permitted, if said scanning detects an e-mail 

9 message having the electronic document embedded therein or attached thereto; 

10 and 

11 causing transmission of the document to the recipient to be 

12 blocked, if said examining determines that transmission is not permitted. 
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1 60. The method of claim 59 wherein said scanning detects the 

2 electronic document based on a unique identifier embedded therewithin. 

1 61. The method of claim 59 wherein the policy indicates recipients 

2 permitted to access the electronic document. 

1 62. The method of claim 59 wherein the policy indicates recipients 

2 not permitted to access the electronic document. 

1 63. The method of claim 59 wherein the policy indicates senders 

2 permitted to send the electronic document. 

1 64. The method of claim 59 wherein the policy indicates senders not 

2 permitted to send the electronic document. 

1 65. The method of claim 59 further comprising issuing a notification, 

2 if said examining determines that transmission is not permitted. 

1 66. The method of claim 59 further comprising generating an audit 

2 record to record transmission of the electronic document via an e-mail message, if 

3 said examining determines that transmission is permitted. 

1 67. A system for controlling distribution of an electronic document 

2 within computer networks, comprising: 

3 a traffic monitor for intercepting e-mail messages being 

4 transmitted from senders to recipients; 

5 a scanner for scanning the intercepted e-mail messages, and for 

6 detecting a specified electronic document embedded therein or attached thereto; 

7 a policy manager for examining a policy to determine whether or 

8 not transmission of the document to a recipient of an e-mail message is permitted; 

9 and 

1 0 a policy enforcer for causing transmission of the document to the 

1 1 recipient to be blocked. 

1 68. The system of claim 67 wherein said scanner detects the 

2 electronic document based on a unique identifier embedded therewithin. 
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1 69. The system of claim 67 wherein the policy indicates recipients 

2 permitted to access the electronic document. 

1 70. The system of claim 67 wherein the policy indicates recipients 

2 not permitted to access the electronic document. 

1 71. The system of claim 67 wherein the policy indicates senders 

2 permitted to send the electronic document. 

1 72. The system of claim 67 wherein the policy indicates senders not 

2 permitted to send the electronic document. 

1 73. The system of claim 67 further comprising a notifier for issuing a 

2 notification, if said examining determines that transmission is not permitted. 

1 74. The system of claim 67 further comprising an auditor for 

2 generating an audit record, to record transmission of the electronic document via 

3 an e-mail message, if said policy manager determines that transmission is 

4 permitted. 

1 75. A computer-readable storage medium storing program code for 

2 causing a computer to perform the steps of: 

3 intercepting e-mail messages being transmitted from senders to 

4 recipients; 

5 scanning the intercepted e-mail messages for detection of a 

6 specified electronic document embedded therein or attached thereto; 

7 examining a policy to determine whether or not transmission of 

8 the document to a recipient is permitted, if said scanning detects an e-mail 

9 message having the electronic document embedded therein or attached thereto; 

10 and 

11 causing transmission of the document to the recipient to be 

12 blocked, if said examining determines that transmission is not permitted. 

1 76. A method for controlling distribution of an electronic document 

2 within computer networks, comprising: 

3 intercepting network packets transmitted over a computer 

4 network; 
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5 scanning the intercepted network packets for detection of 

6 network packets containing a specified electronic document; 

7 examining a policy to determine whether or not transmission of 

8 the specified electronic document is permitted, if said scanning detects a network 

9 packet containing the specified electronic document; and 

10 causing transmission of the document to be blocked, if said 

1 1 examining determines that transmission is not permitted. 

1 77. The method of claim 76 wherein said scanning detects the 

2 specified electronic document based on a unique identifier embedded therewithin. 

1 78. The method of claim 76 wherein the policy indicates recipients 

2 permitted to access the specified electronic document. 

1 79. The method of claim 76 wherein the policy indicates recipients 

2 not permitted to access the specified electronic document. 

1 80. The method of claim 76 wherein the network packets are 

2 transmitted in response to an FTP download. 

1 81. The method of claim 76 wherein the network packets are 

2 transmitted in response to an HTTP download. 

1 82. The method of claim 76 wherein the network packets are 

2 transmitted in response to an Instant Messenger download. 

1 83. A system for controlling distribution of an electronic document 

2 within computer networks, comprising: 

3 a traffic monitor for intercepting network packets transmitted 

4 over a computer network; 

5 a scanner for scanning the intercepted network packets and for 

6 detecting network packets containing a specified electronic document; 

7 a policy manager for examining a policy to determine whether or 

8 not transmission of the specified electronic document is permitted; and 

9 a policy enforcer for causing transmission of the document to be 
10 blocked. 
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1 84. The system of claim 83 wherein said scanner detects the 

2 specified electronic document based on a unique identifier embedded therewithin. 

1 85. The system of claim 83 wherein the policy indicates recipients 

2 permitted to access the specified electronic document. 

1 86. The system of claim 83 wherein the policy indicates recipients 

2 not permitted to access the specified electronic document. 

1 87. The system of claim 83 wherein the network packets are 

2 transmitted in response to an FTP download. 

1 88. The system of claim 83 wherein the network packets are 

2 transmitted in response to an HTTP download. 

1 89. The system of claim 83 wherein the network packets are 

2 transmitted in response to an Instant Messenger download. 

1 90. A computer-readable storage medium storing program code for 

2 causing a computer to perform the steps of: 

3 intercepting network packets transmitted over a computer 

4 network; 

5 scanning the intercepted network packets for detection of 

6 network packets containing a specified electronic document; 

7 examining a policy to determine whether or not transmission of 

8 the specified electronic document is permitted, if said scanning detects a network 

9 packet containing the specified electronic document; and 

10 causing transmission of the document to be blocked, if said 

1 1 examining determines that transmission is not permitted. 
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